Is forbidding concurrent ssh sessions a good idea?
Elazar Leibovich
elazarl at gmail.com
Mon Nov 12 10:40:23 IST 2012
On Mon, Nov 12, 2012 at 10:27 AM, Oleg Goldshmidt <pub at goldshmidt.org>wrote:
> On Mon, Nov 12, 2012 at 10:05 AM, Elazar Leibovich <elazarl at gmail.com>
> wrote:
> >
> > I'm considering to disallow concurrent ssh sessions on a single-purpose
> > production machine (say, DB server).
> >
> > I thought of replacing the default shell with a shell that keeps its pid
> > file in a central place. If such a file already exist, it'll kill the
> other
> > running shell before logging in.
>
> Can't you use MaxSessions and/or MaxStartups in sshd config for this?
>
This options, as far as I can tell, drops new connections. I don't want to
have a locked server, so I always allow new sessions to kill old ones. But
never run concurrently.
(There's a slight issue of scp not working, but this can be taken care of,
by less privilleged user which is allowed in, just for rsync/files)
>
> Whatever you do, make sure sshd kills sessions after some appropriate
> timeout, otherwise you may find yourself in trouble... ;-)
>
No problem with my scheme, if sshd won't kill old sessions, new sessions
will... (or maybe I misunderstand you).
>
> --
> Oleg Goldshmidt | pub at goldshmidt.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20121112/d7a950ed/attachment-0001.html>
More information about the Linux-il
mailing list